I have a virus scan running and it's found a virus in my Thunderbird inbox file. Of course, I don't want to delete the inbox file, and the anti-virus (AVG) can't seem to pull it out. There are lots of messages in my mailbox and I don't want to try to look at each attachment and figure out if it has the virus.

How do I get rid of the offending bits?

Edit: Folks, this is not Thunderbird using AVG as a proxy and AVG detecting a virus in my mailbox on the server. What's happening is that I have my email program off, not running. AVG is doing a system scan. It finds a file with several copies of the same virus in it. That file is a Thunderbird inbox file. Obviously, I don't want to delete the file wholesale, because it's my inbox (or one of its subfolders)! So apparently AVG can't pull it out. There are thousands of messages in my inbox (I'm a packrat, what can I say, someday I'd like to go back and see what my friends and family were saying to me way back when) so I can't just go in and "find it".

4 Answers
4

Since the inbox file is a monolithic blob to AVG, and you don't know what message has the offending attachment, you'll probably need to take a divide & conquer approach: First, sort by attachment, then create a few sub-folders and move groups of emails into each one, rescan, etc.

Any reason you can't simply do it from inside Thunderbird? There are a few options. Run Thunderbird in Safe Mode to remove it. You could also open the inbox file yourself using a text editor and delete that message. You'll likely need a text editor that can handle large files and some way to identify the message within it. The attachment should have a MimeType associated with it and be encoded (probably Base64, looks like a big block of gibberish).

Although, I'm a little confused how AVG was able to detect the virus in the text file. Maybe you have Thunderbird set up to use AVG as a proxy for its mail? In which case, I would've expected it to remove the virus before ever getting to Thunderbird and you won't likely find it in your inbox.

"Any reason you can't simply do it from inside Thunderbird?" Sure! Which message is it? I have messages going back a few years. :) "Although, I'm a little confused how AVG was able to detect the virus in the text file" The same way it detects viruses inside zip files. A regular old file scan. "Maybe you have Thunderbird setup to use AVG as a proxy for its mail? " Nope.
– user13743 Feb 10 '10 at 21:46

Attachments aren't stored in executable form in Thunderbird's inbox file, unlike a ZIP file, they're encoded into an ASCII representation. I'm not sure whether AVG would try to detect it in that form if it can't remove it and already has a method for e-mail scanning via proxy/plugin. My mistake on the first part... I thought AVG was able to give you a clue of which message it was (like it detected it in a new batch you just downloaded from the server).
– Ioan Feb 11 '10 at 13:23

Well, all I know is that I don't have it set up as a proxy for email, and when I do a full scan of my system when my email program is not running, it reports several viruses found in a single file, and that file is one of the inbox files in the Thunderbird directory. So it seemed like it's detecting data in encoded attachments.
– user13743 Feb 11 '10 at 15:47

chris's answer is probably the way to go in this case. Just remember to compact the source folder after moving the messages to another one to actually remove them from the file, not just mark them as deleted. Scan the two inbox files (source and destination). Repeat until gone.
– Ioan Feb 12 '10 at 13:12

Perhaps I have a newer antivirus (I'm using Norton), because my anti-virus software managed to give me the file name in the report. It seems like viruses are usually an attachment (usually a .doc or .zip). I was able to use the Cygwin grep command to search my Thunderbird mailbox files for the file name. Having seen it in the mailbox file, I then used Cygwin via a text editor to find the file name and see details about the individual email in which the virus was contained. Then I simply used Thunderbird to delete it.

Other file search and edit tools will probably work also, but remember these are large files and so there are long delays in searching and editing.

I notice that Norton isn't finding anything on my computer, except in old mail, so perhaps the servers are getting better at finding and eliminating these kinds of mails.
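The file-name search described in the answer above can also be done per message rather than per line. The following is an added example, not code from any of the posters: it assumes the folder is in Thunderbird's default mbox format, that Thunderbird is closed (or that you run it on a copy of the file), and that the scan report gives an attachment file name. The function names, the sample file name `invoice_0042.doc` and the sample mailbox are constructed for illustration.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage


def find_attachments(mbox_path, name_fragment):
    """Return one dict per attachment whose file name contains name_fragment."""
    needle = name_fragment.lower()
    hits = []
    box = mailbox.mbox(mbox_path, create=False)  # read only, never create
    try:
        for index, msg in enumerate(box):
            for part in msg.walk():  # visits nested multipart parts too
                filename = part.get_filename()
                if not filename or needle not in filename.lower():
                    continue
                # decode=True undoes the Base64/quoted-printable encoding
                data = part.get_payload(decode=True) or b""
                hits.append({
                    "index": index, "subject": msg.get("Subject", ""),
                    "from": msg.get("From", ""), "date": msg.get("Date", ""),
                    "filename": filename,
                    "sha256": hashlib.sha256(data).hexdigest(),
                })
    finally:
        box.close()
    return hits


def build_sample_mbox(path):
    """Write a constructed two-message mbox; the attachment is harmless bytes."""
    box = mailbox.mbox(path)
    for subject, attach in (("Holiday photos", None),
                            ("Your invoice", "invoice_0042.doc")):
        m = EmailMessage()
        m["From"], m["Subject"] = "someone@example.com", subject
        m["Date"] = "Wed, 10 Feb 2010 21:00:00 +0000"
        m.set_content("hello")
        if attach:
            m.add_attachment(b"constructed placeholder bytes", filename=attach,
                             maintype="application", subtype="msword")
        box.add(m)
    box.close()  # close() flushes pending writes


if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "Inbox")
    build_sample_mbox(sample)
    for hit in find_attachments(sample, "invoice_0042"):
        print(hit)
```

The subject, sender and date it reports are enough to find the message in Thunderbird and delete it there; as noted in the comments above, compact the folder afterwards so the message is actually removed from the file.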